[FUG-BR] Transparent Squid + IPFW

ThOLOko tholoko at gmail.com
Fri Oct 19 12:10:54 BRST 2007


To add to this:
squid
2007/10/19 11:16:30| Can't be both a transparent proxy and web server
accelerator on the same port
FATAL: Bungled squid.conf line 4: http_port 3128 transparent vhost
Squid Cache (Version 2.6.STABLE16): Terminated abnormally.


2007/10/19, ThOLOko <tholoko at gmail.com>:
>
> Good morning folks... Sorry for this topic, I know there are several of them,
> but even after following several (many of them never concluded) I could not get
> transparent Squid + IPFW running...
>
> Below is my squid.conf
>
> http_port 3128
> visible_hostname firewall
>
> redirect_rewrites_host_header off
> http_port 7.8.9.254:3128 transparent
>
> #cache size in RAM
> cache_mem 50 MB
>
> shutdown_lifetime 3 seconds
> icp_port 0
>
> #maximum size of objects in RAM
> maximum_object_size_in_memory 64 KB
>
> #maximum size of objects in the cache
> maximum_object_size 20 MB
>
> #minimum size of objects in the cache
> minimum_object_size 0 KB
>
> cache_swap_low 90
> cache_swap_high 95
>
> #cache directory
> cache_dir ufs /usr/local/squid/cache 3000 16 256
> cache_access_log /usr/local/squid/logs/access.log
>
> #cache refresh
> refresh_pattern ^ftp: 15 20% 2280
> refresh_pattern ^gopher: 15 0% 2280
> refresh_pattern . 15 20% 2280
>
> #ACLs
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
>
> acl SSL_ports port 445 443 441 563
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 445 443 441 563 # https, snews
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> acl redeinterna src 7.8.9.0/24
> acl admin src 7.8.9.248
>
> #acl restritos dstdom_regex "/usr/local/etc/squid/restritos"
> acl bloqueados dstdom_regex "/usr/local/etc/squid/bloqueados"
>
> acl manha time MTWHF 08:00-12:00
> acl tarde time MTWHF 13:30-17:20
> #S-Sunday, M-Monday, T-Tuesday, W-Wednesday, H-Thursday, F-Friday, A-Saturday
>
> http_access allow manager localhost
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access allow localhost
>
> http_access allow admin
>
> http_access deny bloqueados
> #http_access deny manha restritos
> #http_access deny tarde restritos
>
> http_access allow redeinterna
>
> http_access deny all
>
>
> Now my IPFW rules:
>
> /sbin/ipfw -f flush
>
> ipfw add allow tcp from 7.8.9.254 to any 80 # avoids loop
> ipfw add fwd 7.8.9.254,3128 tcp from 7.8.9.0/24 to any 80
>
>
> And I have already compiled the kernel to run NAT and ipfw... NAT is running
> perfectly...
>
> I don't know whether the correct option is http_port 7.8.9.254:3128 transparent
>
> Regards!
>
> --
> ThOLOko
> ThOmaz BeLgine
> -FrEEBSD-
> UniX TeaM
> (LeT's MaKe InStaLL ClEan)




-- 
ThOLOko
ThOmaz BeLgine
-FrEEBSD-
UniX TeaM
(LeT's MaKe InStaLL ClEan)
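
The FATAL line in the log above is Squid refusing an `http_port` that asks for interception (`transparent`) and accelerator mode (`vhost`) on the same port. As an added example, not part of the original message and not Squid's own code, this Python sketch parses `http_port` lines, reports that conflict, and checks that the `ipfw fwd` target lands on a transparent listener. The function names, the `ACCEL_OPTS` list and the padding lines in `FAILING` are assumptions made for the example.

```python
import re

# Accelerator-mode http_port options in Squid 2.6 (assumed list; vhost is the
# one named in the log above).
ACCEL_OPTS = {"accel", "vhost", "vport", "defaultsite"}

def parse_http_ports(conf):
    """Return one dict per http_port line: line number, address, port, options."""
    found = []
    for lineno, raw in enumerate(conf.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()          # drop comments
        if len(fields) < 2 or fields[0] != "http_port":
            continue
        addr, _, port = fields[1].rpartition(":")      # "3128" or "addr:3128"
        if port.isdigit():
            opts = {o.split("=", 1)[0] for o in fields[2:]}
            found.append({"line": lineno, "addr": addr or "*",
                          "port": int(port), "opts": opts})
    return found

def mode_conflicts(conf):
    """Lines that request interception and accelerator mode on one port."""
    return [(p["line"], sorted(p["opts"] & ACCEL_OPTS))
            for p in parse_http_ports(conf)
            if "transparent" in p["opts"] and p["opts"] & ACCEL_OPTS]

def fwd_listener_lines(conf, ipfw_rule):
    """squid.conf lines holding a transparent listener on the ipfw fwd target."""
    m = re.search(r"\bfwd\s+([0-9.]+),(\d+)", ipfw_rule)
    if not m:
        return []
    addr, port = m.group(1), int(m.group(2))
    return [p["line"] for p in parse_http_ports(conf)
            if p["port"] == port and p["addr"] in ("*", addr)
            and "transparent" in p["opts"]]

# Constructed input: the directive from the FATAL log line, placed on line 4.
FAILING = "visible_hostname firewall\n\n# padding\nhttp_port 3128 transparent vhost\n"
# First lines of the squid.conf and the fwd rule as quoted in the message.
QUOTED = ("http_port 3128\nvisible_hostname firewall\n\n"
          "redirect_rewrites_host_header off\n"
          "http_port 7.8.9.254:3128 transparent\n")
FWD_RULE = "ipfw add fwd 7.8.9.254,3128 tcp from 7.8.9.0/24 to any 80"

if __name__ == "__main__":
    print(mode_conflicts(FAILING))               # conflict on line 4
    print(mode_conflicts(QUOTED))                # no conflict in the quoted lines
    print(fwd_listener_lines(QUOTED, FWD_RULE))  # listener the fwd rule reaches
```

The quoted squid.conf contains no line with both keywords, so the check passes on it and flags only the line Squid reported.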

